CVE-2017-16608
published 2018-01-23CVE-2017-16608: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required…
PriorityP184critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
4.31%
89.9th percentile
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgain-systems | enterprise_manager | < 7.2.766 | 7.2.766 |
| netgain_systems | netgain_systems_enterprise_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://[target]:8081/u/jsp/tools/exec.jsp?command=cmd%20%2Fc%20ping%20%7C%7C%20mkdir%20C%3A%5CUsers%5CPublic%5Cfun%20%7C%7C&argument=127.0.0.1&async_output=nessus_56043399↗
- →The patch in version 7.2.586 build 877 is incomplete; detections should not assume patched builds are safe if the command parameter can still be manipulated with pipe/OR operators after the required prefix. ↗
- →Look for unauthenticated GET/POST requests to exec.jsp on port 8081 with a 'command' parameter starting with 'cmd /c ping' or 'ping -c 5' followed by additional shell operators. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qwfr-wxv4-wpf7: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager
ghsa_unreviewed·2022-05-13
CVE-2017-16608 [CRITICAL] CWE-134 GHSA-qwfr-wxv4-wpf7: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.
VulnCheck
netgain-systems enterprise_manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2017·CVSS 9.8
CVE-2017-16608 [CRITICAL] netgain-systems enterprise_manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
netgain-systems enterprise_manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.
Affected: netgain-systems enterprise_manager
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
No detection rules found.
No public exploits indexed.
2018-01-23
Published
Exploited in the wild